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DETAILED ACTION 

1. This action is responsive to communications: application, filed 9/22/2003; 
amendment filed 10/1/2007. 

2. Claims 1-86 are pending in the case. 

Response to Arguments 

3. Double Patenting Rejection: 

With regards to Double Patenting rejection, applicant argues that claim 3 of the 719 
application (application number 10/243'355) has been cancelled, and therefore the 
limitations of the 719 application does not make the claimed invention obvious. The 
argument is found persuasive, however, a double patenting rejection based on other 
claims of the 719 application is outlined in the next section. Therefore, the obviousness- 
type provisional Double Patenting is maintained. Examiner also notes that applicant 
argues that to arrive at claim 1 in the instant application requires elimination of the token 
and its recited properties from 719 application. However, Double Patenting requires that 
all limitations of the instant application be anticipated or made obvious by the other 
commonly owned patent. It is not necessary for the instant application to make the other 
application obvious. In other words, if a subset of the claims of the commonly owned 
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patent makes the instant application obvious, the Obviousness-type Double Patenting is 
valid. 

4. Prior Art Rejections: 

With regards to rejection of claims 1 , 10, 19 and 28 under section 102(e) applicant 
argues that Muntz does not teach the requirement of one or more delivery parameters 
identifying the target device. However, as identified by the Specification, and admitted 
by the applicant, "delivery parameter" describes any value used to determine the 
destination or target device to which the content is delivered. Page 4 of the Final 
rejection, mailed 6/27/2007, clearly shows how Muntz identifies a destination or target 
device. Applicant argues that the "delivery parameters" are reduced to a gist. However, 
as mentioned above, "delivery parameters" are any value that identifies a target system . 
Page 4 of Final rejection shows how Muntz identifies the target. It is not clear how this 
rationale has reduced the definition to a gist. 

With regards to claims 2-9, 11-18, 20-27 and 29-86, applicant argues that the rejection 
failed to demonstrate how knowledge of a tokenized URL teaches a token pool. 
However, Examiner has taken the Official Notice that general methods of token 
generation, such as token pools were well known in the art at the time of invention. The 
claimed invention does not identify specific details of token generation using token pools 
that is distinguishable from general method of token generation. Applicant further 
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argues the limitations of "determining a token pool associated with said digital content; 
determining a token in said token pool; and creating a tokenized URL based at least in part on 
said token" is not considered in the rejection. However, as mentioned in rejection of 
claiml , Muntz teaches tokens associated with digital content (see parag. 23). Examiner 
takes the Official Notice that use of URLs and Tokenized URLs to identify the location of 
data in a resource were well known at the time of invention. Therefore, it would have 
been obvious to create a tokenized URL in order to use it to identify the location of data 
(token). Note once again that identifying the location of data is the primary purpose of 
URLs and Tokenized URLs, as exemplified by their extended in the World Wide Web. 

With regards to claim 6, applicant argues that the rejection does not show a serial 
number that identifies the target. However, the rejection clearly shows that the target 
device is identified. Identifying a device using a serial number was well known in the art 
at the time of invention. For example, devices connected to a local area network LAN 
extensively used MAC addresses to identify the connected devices. The communication 
protocol delivered packets to the target devices based on the MAC address, which is a 
serial number assigned by the manufacturer of the NIC. Therefore, use of serial 
numbers to identify the target device in a network would have been obvious to the one 
skilled in art. 
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With respect to claims 7 and 9, applicant mentions that the claims further define the 
delivery parameters, but does not specify how the associated rejection fails to make the 
requirements obvious. 

With respect to Claim 33, 50, 67 and 84, applicant argues that there has been no 
teaching cited of delivery parameters as recited in these claims, a target ID, or the 
specific limitations recited in the claims. However, in addition to the associated 
rejections, pages 7-9 of the Final rejection explains how the rejection addresses all 
required limitations of the mentioned claims. 

Applicant further argues that the specific limitations on how the target key and the first 
key are obtained is not disclosed. However, the specific limitations mentioned by the 
applicant are determining the target key based on a target ID identifying the target 
device, or applying a cryptographic process to a first key and the content request to get 
the session key. Therefore, the cited limitations refer to creating a session key based on 
a combination of other keys (parameters) using a cryptographic process. Examiner has 
taken the official notice that this process is well-known to the one skilled in art. In other 
words combination of several parameters associated with the elements of an 
authentication process, such as the identification of the target system or the received 
request, was broadly used and practiced before the time of invention. As an example, 
see section page 175 of the text book "Applied Cryptography" by B. Schneier, a copy of 
which was included with the Final Office Action. Therefore, barring any expressed 
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unexpected results from the particular selection of parameters or the process of 
combination, it would have been obvious to the one skilled in art to provide the session 
key as identified by limitations of claim 33. 

With regards to claims 34-49, 51-66, 68 -83, 85 and 86, applicant argues that there is 
no reference shown for token pool, or tokens in the pool having different characteristics, 
or tokens associated with digital content. These concepts are reflected in the 
documents identified in Notice of References Cited, such as US 5'943'424, which 
teaches token pools and use of tokens in authenticated transactions, or US 6'961'858, 
which teaches the use of tokens for identifying the encryption protocol or cryptographic 
process to be used. 

Based on the discussion above, Examiner has provided a prima facie case of 
obviousness based on the cited references and what is known in the prior art. The next 
section outlines the currently applicable rejections. 

Double Patenting 

5. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See, In re Goodman, 1 1 
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F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 
645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In 
re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 
528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1/1 30(b). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a . 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

6. Claims 1-4, 10-13, 19-22, 28, and 30-32 are provisionally rejected under the 
judicially created doctrine of obviousness-type double patenting as being unpatentable 
over claims 1,2,5, and 6 of Application No. 1 0/243'355 (de Jong et al.). Although the 
conflicting claims are not identical, they are not patentably distinct from each other 
because de Jong discloses: 

de Jong claim 6: A method for digital content access control, the method comprising: 
sending, from a user device, a digital content request comprising a request for digital 
content to a content provisioner capable of authenticating said request; creating, by said 
content provisioner, an authenticated digital content request based at least in part on 
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said digital content request if access to said digital content is authorized; 
communicating, by said content provisioner, said authenticated digital content request 
to a content repository capable of returning said digital content directly to a user in 
response to said authenticated digital content request from said authenticated digital 
content request wherein said content repository is different from said user device; and 
receiving, by said user device directly from said content repository, digital content 
corresponding to said digital content request. 



de Jong claim 1: A method for digital content access control, the method comprising: 
sending a digital content request comprising a request for digital content to a content 
provisioner capable of authenticating said request; receiving an authenticated digital 
content request in response to said digital content request; and sending said 
authenticated digital content request to a content repository that provides storage for 
said digital content. 

de Jong claim 2: The method of claim 1 , further comprising receiving said digital 
content in response to said authenticated digital content request. 

de Jong claim 5: The method of claim 1 wherein said token is from a token pool 
associated with the location of digital content for which access is authorized. 
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Claims 1, 10, 19, and 28 of the instant application are obvious overclaims 6 and 1 
above, as they produce a method for digital content access control, comprising: 
receiving by a content provisioner a digital content request from a user device, 
comprising a request for digital content (claim 6 first paragraph shows sending the 
request from a user to a content provisioner); creating, by said content provisioner, an 
authenticated digital content request if a user associated with said digital content 
request is authorized to access said digital content (claim 6, paragraph 2); determining, 
by said content provisioner, one or more delivery parameters, said one or more delivery 
parameters identifying a target device to receive said digital content, wherein one or 
more parameters is used to determine the target device (claim 6 shows that the content 
provisioner communicates the request to a content repository, and the content 
repository sends the content directly to the user. Therefore, the identity of the target 
receiving the content must be identified to the content repository. Therefore, it would 
have been obvious to include the target identity by the content provisioning device and 
sending it to the repository. Note that the user has already sent an authenticated 
request to the content provisioner (claim 6, paragraph 1), and therefore the content 
repository knows the identity of the user who will be receiving the content); and 
sending, by said content provisioner, said authenticated digital content request including 
said one or more delivery parameters (claim 1, last paragraph). 



Claims 2, 3, 11, 12, 20-21, 30-31 of the instant application are obvious over claims 1, 6 
and 5 above, as they produce limitations of claim 1 and wherein said digital content 
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request comprises a Universal Resource Locator (URL); said authenticated digital 
content request comprises a tokenized URL; and said creating further comprises: 
determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token. 

Claims 4, 13, 22 and 32 of the instant application are obvious over claims 1, 3 and 5 
above, as they produce limitations of claim 1 and wherein said token is from a token 
pool associated with the location of digital content for which access is authorized. 

7. This obviousness-type double patenting is a provisional rejection as the 
conflicting claims have not been patented. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1, 10, 19 and 28 rejected under 35 U.S.C. 102(e) as being anticipated by 
Muntz et al. (US Patent Application Publication No. 2003/0208681, filed May 6, 2002). 
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9.1. As per claims 1 , 10, 19 and 28 Muntz is directed to a method for digital content 
access control, comprising: receiving, by a content provisioner, a digital content request 
comprising a request for digital content (Fig. 5A and associated text, and in particular 
paragraph 39); creating, by the content provisioner, an authenticated digital content 
request (Fig. 3 and associated text describes creation of a block list and a token 
identifying the resource to be accessed, the operations that could be performed on the 
resource and the user credentials) if a user associated with said digital content request 
is authorized to access said digital content (for example, paragraph 31); determining, 
by said content provisioner (Muntz client 105 is the target device (which receives the 
data and credentials) and the Administrative Server 104 (part of which is the Metadata 
Server 214) is the Content Provisioner. Per paragraph 19, metadata server sends the 
block list and the validation mechanism to the client 105. As indicated in Fig. 1 and 
paragraphs 12-14, client 105 and the metadata server are connected via network. To 
communicate via network, the metadata server is required to identify the client as 
recipient of data, otherwise a network connection to transmit data cannot be 
established. In addition, per paragraph 32, the client 105 and Metadata server 
authenticate each other. This explicitly shows that the Metadata server identifies the 
client 105.), one or more delivery parameters, said one or more delivery parameters 
identifying a target device to receive said digital content (the block list and the token 
determine access parameters and credentials of the user and the client device); 
wherein said one or more delivery parameters is used to determine said target device 
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(as mentioned above, the content provisioner determines delivery parameters which 
identify the target. Therefore, the delivery parameters are used to identify the target. In 
addition, per paragraph 32, the token includes credentials, such as operation type(s) 
authorized for the client. The token is generated by the metadata server. If the token 
identifies the operations allowed by the client, it must also identify the client, and is used 
to identify the client. Note that per parag. 13, client 105 may include computer or 
computer systems.); and sending, by said content provisioner, said authenticated digital 
content request including said one or more delivery parameters (paragraph 19). 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 2-9, 11-18, 20-27 and 29-86 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Muntz et al. (US Patent Application Publication No. 
2003/0208681 , filed May 6, 2002) in view of Official Notice. 

11.1. As per claim 2, Muntz is directed to the method of claim 1 wherein said digital 
content request comprises a Universal Resource Locator (URL); said authenticated 
digital content request comprises a tokenized URL; and said creating further comprises: 
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determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token 
(Muntz teaches identification of the resource to be accessed using a token and a block 
list as identified in rejection of claim 1 . Examiner takes the official notice that a common 
and widely practice mechanism to identify a resource and credentials needed to access 
the resource is using URLs and tokenized URLs. It would have been obvious to a 
person skilled in art to use a tokenized URL as a mechanism to implement Muntz block 
list and token). 

1 1 .2. As per claim 3, Muntz is directed to the method of claim 2 wherein said tokenized 
URL further comprises a cryptogram based at least in part on an identifier that 
describes the location of said digital content (Muntz teaches creating a encryption of the 
token and the block list in paragraph 39. Note that the token and/or the block list include 
information that identifies the resource, and therefore once encrypted, creates a 
cryptogram based on characteristics of the resource). 

1 1 .3. As per claim 4, Muntz is directed to the method of claim 2 wherein said token is 
from a token pool associated with the location of digital content for which access is 
authorized (generation or selection of tokens from a token pool to identify and describe 
the resource to be accessed was well-known at the time of invention). 
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1 1 .4. As per claim 5, Muntz is directed to the method of claim 1 , further comprising 
synchronizing with said content repository if synchronization is enabled (paragraph 23 
teaches synchronization with the resource storage during authorization process). 

1 1 .5. As per claim 6, Muntz is directed to the method of claim 1 wherein said one or 
more delivery parameters comprises a serial number uniquely identifying said target 
device (paragraph 23 shows the credentials of the user and the client device are part of 
the authorization combination). 

1 1 .6. As per claim 7, 8 and 9 Muntz is directed to the method of claim 1 , which 
describes a method for access control to digital data and determining whether the client 
is authorized to access data. After the access authorization is determined, the next step 
is secure delivery of digital content. Examiner takes the official notice that use of a token 
to specify and communicate the parameters associated with the content delivery 
encryption protocol, such as the cryptographic process and methods to derive keys for 
encryption and decryption was well-known at the time of invention. 

1 1.7. Limitations of claims 10-32 are substantially the same as limitations of claims 1-9 
above. 

1 1 .8. As per claim 33, Muntz is directed to a method for digital content access control, 
comprising: receiving, by a content repository, an authenticated digital content request 
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including one or more delivery parameters (Fig. 3 item 216 and Fig. 5B and associated 
text shows reception of an authenticated digital content request by a block server), 
wherein said one or more delivery parameters is used to determine the target device 
(see claim 1) said authenticated digital content request based at least in part on a digital 
content request comprising a request for digital content (see response to claim 1); 
validating, by said content repository, said authenticated digital content request, said 
validating comprising indicating said authenticated digital content request is valid if said 
authenticated digital content request is validly associated with said digital content and if 
said authenticated digital content request authenticates said digital content request 
(paragraphs 27-29); determining, by said content repository, a session key if said 
authenticated digital content request is valid (paragraph 28), said determining 
comprising: determining a target key based at least in part on a target ID obtained using 
said one or more delivery parameters, said target ID identifying a target device; and 
applying a cryptographic process to a first key based at least in part on at least part of 
said authenticated digital content request together with said target key to create said 
session key; encrypting said digital content using said session key; and sending said 
encrypted digital content (as mentioned in response to claim 1, creation of a session 
key to encrypt the digital content for secure delivery to a target device was well-known 
and commonly used at the time of invention). 

1 1 .9. As per claim 34, creation of the session key based on another master key and 
parameters identified in a token were well-known at the time of invention. 
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11.10. Limitations of claims 35-41 are substantially the same as limitations of claims 1-9 
and 33-35 above. 

1 1 .1 1 . As per claim 42-45 Muntz is directed to the method of claim 33 wherein said 
validating further comprises: receiving a token; indicating said token is invalid if said 
token is not associated with an partially redeemed or unredeemed offset within a token 
offset window, said token offset window comprising one or more offset entries identified 
by a base number and an offset from said base number, said one or more offset entries 
associated with a token in a token pool formed by applying a cryptographic process to 
the sum of said base number and said offset from said base number, together with a 
token chain key, said token pool associated with said digital content; and updating the 
offset entry associated with said token and indicating said received token is valid if said 
token is associated with a partially redeemed offset or unredeemed offset within said 
token offset window (Muntz is directed to limitations of claim 33 as discussed above. 
The additional limitations are directed to a method of checking the validity of a token 
selected from a token pool, wherein the token pool is associated with a digital content 
for controlling user access. Examiner takes the official notice that this method was well 
known in the art at the time of invention, and it would have been obvious to the person 
skilled in art to use the method to control and limit user access to digital data). 
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11.12. Limitations of claims 46-86 are substantially the same as limitations of claims 1- 
45 above. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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